CVE-2008-0233

{"id": "CVE-2008-0233", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-11T02:46:00.000", "references": [{"url": "http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4864", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg."}, {"lang": "es", "value": "Vulnerabilidad de subida de fichero no restringida en Zero CMS 1.0 Alpha y anteriores permite a atacantes remotos evitar las restricciones de acceso planeadas y ejecutar ficheros de su elecci\u00f3n subiendo un fichero de avatar con tipo de contenido (Content-Type) como image/jpeg."}], "lastModified": "2017-09-29T01:30:10.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zero_cms:zero_cms:1.0_alpha:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E05AC519-6859-4308-BEF1-23D8666472A2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}